REMARKS 



The Office Action dated May 5, 2008, has been received and carefully noted. The 
above amendments to the claims, and the following remarks, are submitted as a full and 
complete response thereto. 

Claims 1, 5, 6, and 19 have been amended to more particularly point out and 
distinctly claim the subject matter of the invention. Claims 1-17 and 19-21 are 
respectfully submitted for consideration. 

Claims 1-14 were rejected under 35 U.S.C. 112, second paragraph. Specifically, 
the Office Action took the position that there is insufficient antecedent basis for the 
limitation "the known range." In light of the above amendments to claim 1, the rejection 
is rendered moot. As such, it is respectfully requested that the rejection of claim 1 be 
withdrawn. Claims 2-14 should also be allowed at least for their dependence upon claim 
1. 

Claims 15-17 were rejected under 35 U.S.C. 112, second paragraph. Specifically, 
the Office Action took the position that there is insufficient antecedent basis for the 
limitation "the mobile node." In response, claim 15 has been amended as shown above. 
As such, it is respectfully requested that the rejection of claim 15 be withdrawn. Claims 
16 and 17 should also be allowed at least for their dependence upon claim 15. 

Claim 19 was rejected under 35 U.S.C. 112, second paragraph. Specifically, the 
Office Action took the position that there is insufficient antecedent basis for the 
limitation "the known range." In light of the above amendments to claim 19, the 
rejection is rendered moot. As such, it is respectfully requested that the rejection of claim 
19 be withdrawn. 

Claim 21 should be allowed at least for its dependency upon claim 1. 

Claim 19 was objected to because of informalities. Claim 19 has been amended to 
fix the informalities. As such, it is respectfully requested that the objection be 
withdrawn. 

Claims 1-4, 7-10, 14, and 19 were rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent Application No. 10/323,486 of Adrangi et al. (Adrangi) in 
view of U.S. Patent Publication No. 2004/0120295 of Liu et al. (Liu I) and further in 
view of U.S. Patent Publication 2003/0212900 of Liu et al. (Liu II). The Office Action 
took the position that Adrangi, Liu I, and Liu II describe all of the features of claims 1-4, 
7-10, 14, and 19. Applicants respectfully submit that the claims recite subject matter that 
is neither disclosed nor suggested in Adrangi, Liu I, and Liu II. 

Independent claim 1, upon which claims 2-14 are dependent, recites a system that 
includes a mobile node belonging to a home network located within a secure network, the 
mobile node having a network interface configured to communicate with other nodes, the 
mobile node having only one security association and only one mobility binding with a 
home agent so as to provide secure mobile connectivity that implements a mobile internet 
protocol home agent functionality. The system includes a proxy home agent connected to 
the home network and located within the secure network, wherein the proxy home agent 
is configured to provide a proxying functionality. The system includes the home agent 
located outside of the secure network, wherein the home agent is configured to provide a 
signaling and tunneling functionality and to notify the proxy home agent of the mobile 
node. The system includes a virtual private network gateway located outside the secure 
network and configured to work in conjunction with the home agent. The system 
includes a demilitarized zone located outside the secure network, wherein the virtual 
private network gateway and the home agent reside in the demilitarized zone. The 
system includes a first firewall between the secure network and the demilitarized zone. 
The mobile node has a permanent address in a known range and the first firewall is 
programmed to deny all communications from the demilitarized zone with a source 
address in the known range. 

Independent claim 15, upon which claims 16 and 17 are dependent, recites a 
method that includes establishing a proxy home agent located within the secure network 
to monitor data directed to the mobile node so as to secure communication between a 
mobile node associated with a home network in a secure network and a correspondent 
node. The method includes establishing a home agent configured to create only one 
security association with the mobile node and only one mobility binding with the mobile 
node and to notify the proxy home agent of the mobile node. The method includes 
collecting data directed to the mobile node. The method includes packaging the collected 
data in a virtual private network secure tunnel to an internal address of the mobile node to 
create virtual protocol network packaged data. The method includes tunneling the virtual 
protocol network packaged data to a current address of the mobile node. The method 
includes packaging the collected data in an internet-protocol-in-internet-protocol tunnel 
and sending it to a virtual protocol network device for virtual protocol network 
encryption and tunneling the virtual protocol network packaged data to the current 
address of the mobile node. 

Independent claim 19, upon which claim 21 is dependent, recites a system that 
includes means for establishing a proxy home agent located within a secure network to 
monitor data directed to a mobile node so as to secure mobile connectivity that 
implements mobile internet protocol home agent functionality via distributed 
components. The system includes means for establishing a home agent configured to 
create only one security association with the mobile node and only one mobility binding 
with the mobile node and to notify the proxy home agent of the mobile node. The system 
includes means for collecting data directed to the mobile node. The system includes 
means for packaging the collected data in a virtual private network secure tunnel to an 
internal address of the mobile node to create virtual private network packaged data. The 
system includes means for tunneling the virtual private network packaged data to a 
current address of the mobile node. 

The system includes means for the home agent to communicate to the proxy home 
agent that the mobile node has moved outside its home network. The system includes 
means for the home agent to communicate to the proxy home agent that the mobile node 
has come back to its home network. The system includes means for enabling the proxy 
home agent to create and remove a proxy address resolution protocol entry for a 
permanent address associated with the mobile node. The system includes means for 
providing a demilitarized zone located outside the secure network. The virtual private 
network gateway and the home agent reside in the demilitarized zone, and a firewall 
between the secure network and the demilitarized zone. The mobile node has a 
permanent address in a known range and the first firewall is programmed to deny all 
communications from the demilitarized zone with a source address in the known range. 

Independent claim 20 recites a computer program embodied on a computer 
readable medium, the computer program being configured to control a processor to 
perform establishing a proxy home agent located within a secure network to monitor data 
directed to a mobile node, establishing a home agent configured to create only one 
security association with the mobile node and only one mobility binding with the mobile 
node and to notify the proxy home agent of the mobile node, collecting data directed to 
the mobile node, and packaging the collected data in a virtual private network secure 
tunnel to an internal address of the mobile node to create virtual private network 
packaged data, and tunneling the virtual private network packaged data to a current 
address of the mobile node, and packaging the collected data in an internet-protocol-in- 
internet-protocol tunnel and sending it to a virtual protocol network device for virtual 
protocol network encryption and tunneling the virtual protocol network packaged data to 
the current address of the mobile node. 

As will be discussed below, the cited references fail to disclose or suggest all of 
the features of all of the presently pending claims. 

On page 16, the Office Action acknowledged that claim 6 would be allowable 
since none of the cited references discloses or renders obvious the limitation of the 
mobile node having a permanent address in a known range, the first firewall denying all 
communications from the demilitarized zone with a source address in the known range. 
As discussed above, independent claims 1 and 19 have been amended to include the 
above-identified allowable features of claim 6. Thus, it is respectfully requested that the 
rejection to claims 1 and 19 be withdrawn. 

Claims 2-4, 7-10, and 14 are dependent upon claim 1. As such, claims 2-4, 7-10, 
and 14 should be allowed for at least their dependence upon claim 1, and for the specific 
limitations recited therein. 

Claims 15-17 and 20 were rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. Patent Application No. 10/323,486 of Adrangi et al. (Adrangi) in view of Liu I. 
Applicants respectfully submit that the claims recite subject matter that is neither 
disclosed nor suggested in Adrangi and Liu I. 

Applicants respectfully submit that Adrangi fails to disclose or suggest, at least, 
"establishing a home agent configured to create only one security association with the 
mobile node and only one mobility binding with the mobile node and to notify the proxy 
home agent of the mobile node," as recited in claims 15 and 20. The Office Action took 
the position that paragraph [0020] of Adrangi discloses the above-identified feature. 
However, paragraph [0020] of Adrangi merely describes that the network topology may 
include at least two home agents, one (or more) located on Corporate Intranet 100 ("HAi 
300") and the other located external to Corporate Intranet 100 ("HAx 305"). The cited 
portion does not describe establishing a home agent configured to create only one 
security association with the mobile node and only one mobility binding with the mobile 
node and to notify the proxy home agent of the mobile node. Thus, Adrangi does not 
disclose or suggest all of the features of claims 15 and 20. Liu I and Liu II do not cure 
the deficiencies in Adrangi as failing to disclose the above feature. Therefore, the 
combination of Adrangi, Liu I, and Liu II fails to disclose or suggest all of the elements 
of claims 15 and 20. It is respectfully requested that the rejection to claims 15 and 20 be 
withdrawn. 

Claims 16 and 17 are dependent upon claim 15. As such, claims 16 and 17 should 
be allowed for at least their dependence upon claim 15, and for the specific limitations 
recited therein. 

Furthermore, the Office Action took the position that paragraphs [0026] to [0028] 
of Adrangi discloses "packaging the collected data in a VPN secure tunnel to an internal 
address of the mobile node to create VPN packaged data and tunneling the VPN 
packaged data to a current address of the mobile node." However, the cited portion is 
silent regarding the claimed features of claims 15 and 20. Also, Adrangi does not 
disclose or suggest "packaging the collected data in an internet-protocol-in-internet- 
protocol tunnel and sending it to a virtual protocol network device for virtual protocol 
network encryption and tunneling the virtual protocol network packaged data to the 
current address of the mobile node," as recited in claims 15 and 20. The Office Action 
cited paragraphs [0029] to [0030] and Fig. 6 of Adrangi to describe this feature. 
However, the cited portion is simply silent regarding the claimed features. Instead, the 
cited portion merely describes a packet flow diagram illustrating the packet transmission 
from CN 310 on Corporate Intranet 100 to MN 140 on External Network 205. Adrangi 
does not mention packaging the collected data in an internet-protocol-in-internet-protocol 
tunnel. 

For the reasons explained above, it is respectfully submitted that each of claims 1- 
17 and 19-21 recites subject matter that is neither disclosed nor suggested in the cited art. 
Also, it is respectfully submitted that the subject matter is more than sufficient to render 
the claimed invention unobvious to a person of ordinary skill in the art. It is, therefore, 
respectfully requested that all of claims 1-17 and 19-21 be allowed, and that this 
application be passed to issue. 

If for any reason the Examiner determines that the application is not now in 
condition for allowance, it is respectfully requested that the Examiner contact, by 
telephone, the applicants' undersigned representative at the indicated telephone number to 
arrange for an interview to expedite the disposition of this application. 

In the event this paper is not being timely filed, the applicants respectfully petition 
for an appropriate extension of time. Any fees for such an extension together with any 
additional fees may be charged to Counsel's Deposit Account 50-2222. 

Respectfully submitted, 




Sejoon Ahn 